{{- define "metadata_discovery_resources" }}
cpu: 10m
memory: 25Mi
{{- end }}
{{- define "metadata_exporter_resources" }}
cpu: 10m
memory: 25Mi
{{- end }}

{{- if or .Values.istio.federation.enabled .Values.istio.multicluster.enabled }}
  {{- if (.Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
  name: metadata-exporter
  namespace: d8-{{ $.Chart.Name }}
  {{- include "helm_lib_module_labels" (list . (dict "app" "metadata-exporter")) | nindent 2 }}
spec:
  targetRef:
    apiVersion: "apps/v1"
    kind: Deployment
    name: metadata-exporter
  updatePolicy:
    updateMode: "Auto"
  resourcePolicy:
    containerPolicies:
    - containerName: metadata-discovery
      minAllowed:
        {{- include "metadata_discovery_resources" . | nindent 8 }}
      maxAllowed:
        cpu: 20m
        memory: 50Mi
    - containerName: metadata-exporter
      minAllowed:
        {{- include "metadata_exporter_resources" . | nindent 8 }}
      maxAllowed:
        cpu: 20m
        memory: 50Mi
  {{- end }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metadata-exporter
  namespace: d8-{{ $.Chart.Name }}
  {{- include "helm_lib_module_labels" (list . (dict "app" "metadata-exporter")) | nindent 2 }}
spec:
  {{- include "helm_lib_deployment_strategy_and_replicas_for_ha" . | nindent 2 }}
  revisionHistoryLimit: 2
  selector:
    matchLabels:
      app: metadata-exporter
  template:
    metadata:
      labels:
        app: metadata-exporter
    spec:
      {{- include "helm_lib_node_selector" (tuple . "system") | nindent 6 }}
      {{- include "helm_lib_tolerations" (tuple . "system") | nindent 6 }}
      {{- include "helm_lib_priority_class" (tuple . "cluster-low") | nindent 6 }}
      {{- include "helm_lib_pod_anti_affinity_for_ha" (list . (dict "app" "metadata-exporter")) | nindent 6 }}
      {{- include "helm_lib_module_pod_security_context_run_as_user_nobody" . | nindent 6 }}
      serviceAccountName: alliance-metadata-exporter
      imagePullSecrets:
      - name: deckhouse-registry
      containers:
      - name: metadata-exporter
        {{- include "helm_lib_module_container_security_context_read_only_root_filesystem" . | nindent 8 }}
        image: {{ include "helm_lib_module_image" (list . "metadataExporter") }}
        imagePullPolicy: IfNotPresent
        env:
        - name: CLUSTER_UUID
          value: {{ .Values.global.discovery.clusterUUID }}
  {{- if .Values.istio.federation.enabled }}
        - name: FEDERATION_ENABLED
          value: "true"
  {{- end }}
  {{- if .Values.istio.multicluster.enabled }}
        - name: MULTICLUSTER_ENABLED
          value: "true"
        - name: MULTICLUSTER_API_HOST
          value: {{ include "helm_lib_module_public_domain" (list . "istio-api-proxy") }}
        - name: MULTICLUSTER_NETWORK_NAME
          value: {{ include "istioNetworkName" . | quote}}
  {{- end }}
        ports:
        - name: http
          containerPort: 8080
        readinessProbe:
          httpGet:
            path: /healthz
            port: http
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 30
        livenessProbe:
          httpGet:
            path: /healthz
            port: http
            scheme: HTTP
          initialDelaySeconds: 5
          periodSeconds: 30
        resources:
          requests:
            {{- include "helm_lib_module_ephemeral_storage_logs_with_extra" 10 | nindent 12 }}
  {{- if not (.Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
            {{- include "metadata_discovery_resources" . | nindent 12 }}
  {{- end }}
        volumeMounts:
        - name: istio-ca-root-cert
          mountPath: /certs/
        - name: authn-keypair
          mountPath: /keys/pub.pem
          subPath: pub.pem
        - name: remote-public-metadata
          mountPath: /remote/
        - name: metadata
          mountPath: /metadata/
      - name: metadata-discovery
        {{- include "helm_lib_module_container_security_context_read_only_root_filesystem" . | nindent 8 }}
        image: {{ include "helm_lib_module_image" (list . "metadataDiscovery") }}
        imagePullPolicy: IfNotPresent
        env:
        - name: DEBUG_UNIX_SOCKET
          value: /tmp/shell-operator-debug.socket
        - name: CLUSTER_DOMAIN
          value: {{ $.Values.global.discovery.clusterDomain | quote }}
        - name: INLET
          value: {{ $.Values.istio.alliance.ingressGateway.inlet | quote }}
        resources:
          requests:
            {{- include "helm_lib_module_ephemeral_storage_logs_with_extra" 10 | nindent 12 }}
  {{- if not (.Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
            {{- include "metadata_discovery_resources" . | nindent 12 }}
  {{- end }}
        volumeMounts:
        - name: metadata
          mountPath: /metadata/
        - name: tmp
          mountPath: /tmp/
      volumes:
      - name: istio-ca-root-cert
        configMap:
          name: istio-ca-root-cert
      - name: authn-keypair
        secret:
          defaultMode: 420
          optional: true
          secretName: d8-remote-authn-keypair
      - name: remote-public-metadata
        secret:
          defaultMode: 420
          secretName: d8-remote-clusters-public-metadata
      - name: metadata
        emptyDir: {}
      - name: tmp
        emptyDir: {}
{{- end }}
